src - OpenBSD base system

diff options


context:
space:
mode:

author	Damien Miller <djm@cvs.openbsd.org>	2008-09-06 12:15:47 +0000
committer	Damien Miller <djm@cvs.openbsd.org>	2008-09-06 12:15:47 +0000
commit	5aee09bf741002fb3b9f8313914228b3de20e6c3 (patch)
tree	70ae957b6e34436072074b3534429208062bd54d
parent	75a2b985f7dd6f501dca888b29f067750f90ab0d (diff)

import of OpenSSL 0.9.8h

Diffstat

-rw-r--r--

lib/libssl/src/apps/cms.c

154

-rw-r--r--

lib/libssl/src/apps/ec.c

-rw-r--r--

lib/libssl/src/apps/ecparam.c

-rw-r--r--

lib/libssl/src/crypto/evp/e_seed.c

-rw-r--r--

lib/libssl/src/crypto/seed/seed_cbc.c

-rw-r--r--

lib/libssl/src/crypto/seed/seed_cfb.c

-rw-r--r--

lib/libssl/src/crypto/seed/seed_ofb.c

7 files changed, 180 insertions, 130 deletions

diff --git a/lib/libssl/src/apps/cms.c b/lib/libssl/src/apps/cms.c
index 5f77f8fbb03..6d227acabe8 100644
--- a/lib/libssl/src/apps/cms.c
+++ b/lib/libssl/src/apps/cms.c

@@ -71,9 +71,8 @@

static int save_certs(char *signerfile, STACK_OF(X509) *signers);

static int cms_cb(int ok, X509_STORE_CTX *ctx);

static void receipt_request_print(BIO *out, CMS_ContentInfo *cms);

-static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,

- int rr_allorfirst,

- STACK_OF(OPENSSL_STRING) *rr_from);

+static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,

+ STACK *rr_from);

#define SMIME_OP 0x10

#define SMIME_IP 0x20

@@ -95,8 +94,6 @@ static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,

#define SMIME_SIGN_RECEIPT (15 | SMIME_IP | SMIME_OP)

#define SMIME_VERIFY_RECEIPT (16 | SMIME_IP)

-int verify_err = 0;

int MAIN(int, char **);

int MAIN(int argc, char **argv)

@@ -108,7 +105,7 @@ int MAIN(int argc, char **argv)

const char *inmode = "r", *outmode = "w";

char *infile = NULL, *outfile = NULL, *rctfile = NULL;

char *signerfile = NULL, *recipfile = NULL;

- STACK_OF(OPENSSL_STRING) *sksigners = NULL, *skkeys = NULL;

+ STACK *sksigners = NULL, *skkeys = NULL;

char *certfile = NULL, *keyfile = NULL, *contfile=NULL;

char *certsoutfile = NULL;

const EVP_CIPHER *cipher = NULL;

@@ -119,10 +116,9 @@ int MAIN(int argc, char **argv)

STACK_OF(X509) *encerts = NULL, *other = NULL;

BIO *in = NULL, *out = NULL, *indata = NULL, *rctin = NULL;

int badarg = 0;

- int flags = CMS_DETACHED, noout = 0, print = 0;

- int verify_retcode = 0;

+ int flags = CMS_DETACHED;

int rr_print = 0, rr_allorfirst = -1;

- STACK_OF(OPENSSL_STRING) *rr_to = NULL, *rr_from = NULL;

+ STACK *rr_to = NULL, *rr_from = NULL;

CMS_ReceiptRequest *rr = NULL;

char *to = NULL, *from = NULL, *subject = NULL;

char *CAfile = NULL, *CApath = NULL;

@@ -136,7 +132,6 @@ int MAIN(int argc, char **argv)

char *engine=NULL;

#endif

unsigned char *secret_key = NULL, *secret_keyid = NULL;

- unsigned char *pwri_pass = NULL, *pwri_tmp = NULL;

size_t secret_keylen = 0, secret_keyidlen = 0;

ASN1_OBJECT *econtent_type = NULL;

@@ -171,8 +166,6 @@ int MAIN(int argc, char **argv)

operation = SMIME_RESIGN;

else if (!strcmp (*args, "-verify"))

operation = SMIME_VERIFY;

- else if (!strcmp (*args, "-verify_retcode"))

- verify_retcode = 1;

else if (!strcmp(*args,"-verify_receipt"))

{

operation = SMIME_VERIFY_RECEIPT;

@@ -233,8 +226,6 @@ int MAIN(int argc, char **argv)

else if (!strcmp(*args,"-camellia256"))

cipher = EVP_camellia_256_cbc();

#endif

- else if (!strcmp (*args, "-debug_decrypt"))

- flags |= CMS_DEBUG_DECRYPT;

else if (!strcmp (*args, "-text"))

flags |= CMS_TEXT;

else if (!strcmp (*args, "-nointern"))

@@ -261,17 +252,21 @@ int MAIN(int argc, char **argv)

else if (!strcmp (*args, "-no_attr_verify"))

flags |= CMS_NO_ATTR_VERIFY;

else if (!strcmp (*args, "-stream"))

- flags |= CMS_STREAM;

+ {

+ args++;

+ continue;

+ }

else if (!strcmp (*args, "-indef"))

- flags |= CMS_STREAM;

+ {

+ args++;

+ continue;

+ }

else if (!strcmp (*args, "-noindef"))

flags &= ~CMS_STREAM;

else if (!strcmp (*args, "-nooldmime"))

flags |= CMS_NOOLDMIMETYPE;

else if (!strcmp (*args, "-crlfeol"))

flags |= CMS_CRLFEOL;

- else if (!strcmp (*args, "-noout"))

- noout = 1;

else if (!strcmp (*args, "-receipt_request_print"))

rr_print = 1;

else if (!strcmp (*args, "-receipt_request_all"))

@@ -284,8 +279,8 @@ int MAIN(int argc, char **argv)

goto argerr;

args++;

if (!rr_from)

- rr_from = sk_OPENSSL_STRING_new_null();

- sk_OPENSSL_STRING_push(rr_from, *args);

+ rr_from = sk_new_null();

+ sk_push(rr_from, *args);

}

else if (!strcmp(*args,"-receipt_request_to"))

{

@@ -293,14 +288,9 @@ int MAIN(int argc, char **argv)

goto argerr;

args++;

if (!rr_to)

- rr_to = sk_OPENSSL_STRING_new_null();

- sk_OPENSSL_STRING_push(rr_to, *args);

+ rr_to = sk_new_null();

+ sk_push(rr_to, *args);

}

- else if (!strcmp (*args, "-print"))

- {

- noout = 1;

- print = 1;

- }

else if (!strcmp(*args,"-secretkey"))

{

long ltmp;

@@ -329,13 +319,6 @@ int MAIN(int argc, char **argv)

}

secret_keyidlen = (size_t)ltmp;

}

- else if (!strcmp(*args,"-pwri_password"))

- {

- if (!args[1])

- goto argerr;

- args++;

- pwri_pass = (unsigned char *)*args;

- }

else if (!strcmp(*args,"-econtent_type"))

{

if (!args[1])

@@ -397,13 +380,13 @@ int MAIN(int argc, char **argv)

if (signerfile)

{

if (!sksigners)

- sksigners = sk_OPENSSL_STRING_new_null();

- sk_OPENSSL_STRING_push(sksigners, signerfile);

+ sksigners = sk_new_null();

+ sk_push(sksigners, signerfile);

if (!keyfile)

keyfile = signerfile;

if (!skkeys)

- skkeys = sk_OPENSSL_STRING_new_null();

- sk_OPENSSL_STRING_push(skkeys, keyfile);

+ skkeys = sk_new_null();

+ sk_push(skkeys, keyfile);

keyfile = NULL;

}

signerfile = *++args;

@@ -445,12 +428,12 @@ int MAIN(int argc, char **argv)

goto argerr;

}

if (!sksigners)

- sksigners = sk_OPENSSL_STRING_new_null();

- sk_OPENSSL_STRING_push(sksigners, signerfile);

+ sksigners = sk_new_null();

+ sk_push(sksigners, signerfile);

signerfile = NULL;

if (!skkeys)

- skkeys = sk_OPENSSL_STRING_new_null();

- sk_OPENSSL_STRING_push(skkeys, keyfile);

+ skkeys = sk_new_null();

+ sk_push(skkeys, keyfile);

}

keyfile = *++args;

}

@@ -549,13 +532,13 @@ int MAIN(int argc, char **argv)

if (signerfile)

{

if (!sksigners)

- sksigners = sk_OPENSSL_STRING_new_null();

- sk_OPENSSL_STRING_push(sksigners, signerfile);

+ sksigners = sk_new_null();

+ sk_push(sksigners, signerfile);

if (!skkeys)

- skkeys = sk_OPENSSL_STRING_new_null();

+ skkeys = sk_new_null();

if (!keyfile)

keyfile = signerfile;

- sk_OPENSSL_STRING_push(skkeys, keyfile);

+ sk_push(skkeys, keyfile);

}

if (!sksigners)

{

@@ -569,7 +552,7 @@ int MAIN(int argc, char **argv)

else if (operation == SMIME_DECRYPT)

{

- if (!recipfile && !keyfile && !secret_key && !pwri_pass)

+ if (!recipfile && !keyfile && !secret_key)

{

BIO_printf(bio_err, "No recipient certificate or key specified\n");

badarg = 1;

@@ -577,7 +560,7 @@ int MAIN(int argc, char **argv)

}

else if (operation == SMIME_ENCRYPT)

{

- if (!*args && !secret_key && !pwri_pass)

+ if (!*args && !secret_key)

{

BIO_printf(bio_err, "No recipient(s) certificate(s) specified\n");

badarg = 1;

@@ -628,7 +611,7 @@ int MAIN(int argc, char **argv)

BIO_printf (bio_err, "-certsout file certificate output file\n");

BIO_printf (bio_err, "-signer file signer certificate file\n");

BIO_printf (bio_err, "-recip file recipient certificate file for decryption\n");

- BIO_printf (bio_err, "-keyid use subject key identifier\n");

+ BIO_printf (bio_err, "-skeyid use subject key identifier\n");

BIO_printf (bio_err, "-in file input file\n");

BIO_printf (bio_err, "-inform arg input format SMIME (default), PEM or DER\n");

BIO_printf (bio_err, "-inkey file input private key (if not signer or recipient)\n");

@@ -714,7 +697,7 @@ int MAIN(int argc, char **argv)

if (secret_key && !secret_keyid)

{

- BIO_printf(bio_err, "No secret key id\n");

+ BIO_printf(bio_err, "No sectre key id\n");

goto end;

}

@@ -890,7 +873,7 @@ int MAIN(int argc, char **argv)

{

if (!(store = setup_verify(bio_err, CAfile, CApath)))

goto end;

- X509_STORE_set_verify_cb(store, cms_cb);

+ X509_STORE_set_verify_cb_func(store, cms_cb);

if (vpm)

X509_STORE_set1_param(store, vpm);

}

@@ -927,17 +910,6 @@ int MAIN(int argc, char **argv)

secret_key = NULL;

secret_keyid = NULL;

}

- if (pwri_pass)

- {

- pwri_tmp = (unsigned char *)BUF_strdup((char *)pwri_pass);

- if (!pwri_tmp)

- goto end;

- if (!CMS_add0_recipient_password(cms,

- -1, NID_undef, NID_undef,

- pwri_tmp, -1, NULL))

- goto end;

- pwri_tmp = NULL;

- }

if (!(flags & CMS_STREAM))

{

if (!CMS_final(cms, in, NULL, flags))

@@ -1001,11 +973,11 @@ int MAIN(int argc, char **argv)

}

else

flags |= CMS_REUSE_DIGEST;

- for (i = 0; i < sk_OPENSSL_STRING_num(sksigners); i++)

+ for (i = 0; i < sk_num(sksigners); i++)

{

CMS_SignerInfo *si;

- signerfile = sk_OPENSSL_STRING_value(sksigners, i);

- keyfile = sk_OPENSSL_STRING_value(skkeys, i);

+ signerfile = sk_value(sksigners, i);

+ keyfile = sk_value(skkeys, i);

signer = load_cert(bio_err, signerfile,FORMAT_PEM, NULL,

e, "signer certificate");

if (!signer)

@@ -1041,8 +1013,6 @@ int MAIN(int argc, char **argv)

ret = 4;

if (operation == SMIME_DECRYPT)

{

- if (flags & CMS_DEBUG_DECRYPT)

- CMS_decrypt(cms, NULL, NULL, NULL, NULL, flags);

if (secret_key)

{

@@ -1066,16 +1036,6 @@ int MAIN(int argc, char **argv)

}

- if (pwri_pass)

- {

- if (!CMS_decrypt_set1_password(cms, pwri_pass, -1))

- {

- BIO_puts(bio_err,

- "Error decrypting CMS using password\n");

- goto end;

- }

if (!CMS_decrypt(cms, NULL, NULL, indata, out, flags))

{

BIO_printf(bio_err, "Error decrypting CMS structure\n");

@@ -1115,8 +1075,6 @@ int MAIN(int argc, char **argv)

else

{

BIO_printf(bio_err, "Verification failure\n");

- if (verify_retcode)

- ret = verify_err + 32;

goto end;

}

if (signerfile)

@@ -1149,12 +1107,7 @@ int MAIN(int argc, char **argv)

}

else

{

- if (noout)

- {

- if (print)

- CMS_ContentInfo_print_ctx(out, cms, 0, NULL);

- }

- else if (outformat == FORMAT_SMIME)

+ if (outformat == FORMAT_SMIME)

{

if (to)

BIO_printf(out, "To: %s\n", to);

@@ -1168,9 +1121,9 @@ int MAIN(int argc, char **argv)

ret = SMIME_write_CMS(out, cms, in, flags);

}

else if (outformat == FORMAT_PEM)

- ret = PEM_write_bio_CMS_stream(out, cms, in, flags);

+ ret = PEM_write_bio_CMS(out, cms);

else if (outformat == FORMAT_ASN1)

- ret = i2d_CMS_bio_stream(out,cms, in, flags);

+ ret = i2d_CMS_bio(out,cms);

else

{

BIO_printf(bio_err, "Bad output format for CMS file\n");

@@ -1193,23 +1146,21 @@ end:

if (vpm)

X509_VERIFY_PARAM_free(vpm);

if (sksigners)

- sk_OPENSSL_STRING_free(sksigners);

+ sk_free(sksigners);

if (skkeys)

- sk_OPENSSL_STRING_free(skkeys);

+ sk_free(skkeys);

if (secret_key)

OPENSSL_free(secret_key);

if (secret_keyid)

OPENSSL_free(secret_keyid);

- if (pwri_tmp)

- OPENSSL_free(pwri_tmp);

if (econtent_type)

ASN1_OBJECT_free(econtent_type);

if (rr)

CMS_ReceiptRequest_free(rr);

if (rr_to)

- sk_OPENSSL_STRING_free(rr_to);

+ sk_free(rr_to);

if (rr_from)

- sk_OPENSSL_STRING_free(rr_from);

+ sk_free(rr_from);

X509_STORE_free(store);

X509_free(cert);

X509_free(recip);

@@ -1248,8 +1199,6 @@ static int cms_cb(int ok, X509_STORE_CTX *ctx)

error = X509_STORE_CTX_get_error(ctx);

- verify_err = error;

if ((error != X509_V_ERR_NO_EXPLICIT_POLICY)

&& ((error != X509_V_OK) || (ok != 2)))

return ok;

@@ -1331,7 +1280,7 @@ static void receipt_request_print(BIO *out, CMS_ContentInfo *cms)

}

-static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)

+static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK *ns)

{

int i;

STACK_OF(GENERAL_NAMES) *ret;

@@ -1340,10 +1289,12 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)

ret = sk_GENERAL_NAMES_new_null();

if (!ret)

goto err;

- for (i = 0; i < sk_OPENSSL_STRING_num(ns); i++)

+ for (i = 0; i < sk_num(ns); i++)

{

- char *str = sk_OPENSSL_STRING_value(ns, i);

- gen = a2i_GENERAL_NAME(NULL, NULL, NULL, GEN_EMAIL, str, 0);

+ CONF_VALUE cnf;

+ cnf.name = "email";

+ cnf.value = sk_value(ns, i);

+ gen = v2i_GENERAL_NAME(NULL, NULL, &cnf);

if (!gen)

goto err;

gens = GENERAL_NAMES_new();

@@ -1370,9 +1321,8 @@ static STACK_OF(GENERAL_NAMES) *make_names_stack(STACK_OF(OPENSSL_STRING) *ns)

}

-static CMS_ReceiptRequest *make_receipt_request(STACK_OF(OPENSSL_STRING) *rr_to,

- int rr_allorfirst,

- STACK_OF(OPENSSL_STRING) *rr_from)

+static CMS_ReceiptRequest *make_receipt_request(STACK *rr_to, int rr_allorfirst,

+ STACK *rr_from)

{

STACK_OF(GENERAL_NAMES) *rct_to, *rct_from;

CMS_ReceiptRequest *rr;

diff --git a/lib/libssl/src/apps/ec.c b/lib/libssl/src/apps/ec.c
index 896eabc13fb..771e15f3577 100644
--- a/lib/libssl/src/apps/ec.c
+++ b/lib/libssl/src/apps/ec.c

@@ -85,6 +85,9 @@ int MAIN(int, char **);

int MAIN(int argc, char **argv)

{

+#ifndef OPENSSL_NO_ENGINE

+ ENGINE *e = NULL;

+#endif

int ret = 1;

EC_KEY *eckey = NULL;

const EC_GROUP *group;

@@ -251,7 +254,7 @@ bad:

ERR_load_crypto_strings();

#ifndef OPENSSL_NO_ENGINE

- setup_engine(bio_err, engine, 0);

+ e = setup_engine(bio_err, engine, 0);

#endif

if(!app_passwd(bio_err, passargin, passargout, &passin, &passout))

@@ -397,10 +400,4 @@ end:

apps_shutdown();

OPENSSL_EXIT(ret);

}

-#else /* !OPENSSL_NO_EC */

-# if PEDANTIC

-static void *dummy=&dummy;

-# endif

#endif

diff --git a/lib/libssl/src/apps/ecparam.c b/lib/libssl/src/apps/ecparam.c
index 976ebef12ba..4e1fc837ed6 100644
--- a/lib/libssl/src/apps/ecparam.c
+++ b/lib/libssl/src/apps/ecparam.c

@@ -105,7 +105,7 @@

* in the asn1 der encoding

* possible values: named_curve (default)

* explicit

- * -no_seed - if 'explicit' parameters are chosen do not use the seed

+ * -no_seed - if 'explicit' parameters are choosen do not use the seed

* -genkey - generate ec key

* -rand file - files to use for random number input

* -engine e - use engine e, possibly a hardware device

@@ -129,6 +129,9 @@ int MAIN(int argc, char **argv)

char *infile = NULL, *outfile = NULL, *prog;

BIO *in = NULL, *out = NULL;

int informat, outformat, noout = 0, C = 0, ret = 1;

+#ifndef OPENSSL_NO_ENGINE

+ ENGINE *e = NULL;

+#endif

char *engine = NULL;

BIGNUM *ec_p = NULL, *ec_a = NULL, *ec_b = NULL,

@@ -286,7 +289,7 @@ bad:

BIO_printf(bio_err, " "

" explicit\n");

BIO_printf(bio_err, " -no_seed if 'explicit'"

- " parameters are chosen do not"

+ " parameters are choosen do not"

" use the seed\n");

BIO_printf(bio_err, " -genkey generate ec"

" key\n");

@@ -337,7 +340,7 @@ bad:

}

#ifndef OPENSSL_NO_ENGINE

- setup_engine(bio_err, engine, 0);

+ e = setup_engine(bio_err, engine, 0);

#endif

if (list_curves)

@@ -722,10 +725,4 @@ static int ecparam_print_var(BIO *out, BIGNUM *in, const char *var,

BIO_printf(out, "\n\t};\n\n");

return 1;

}

-#else /* !OPENSSL_NO_EC */

-# if PEDANTIC

-static void *dummy=&dummy;

-# endif

#endif

diff --git a/lib/libssl/src/crypto/evp/e_seed.c b/lib/libssl/src/crypto/evp/e_seed.c
index 2d1759d2766..8c1ec0d43a6 100644
--- a/lib/libssl/src/crypto/evp/e_seed.c
+++ b/lib/libssl/src/crypto/evp/e_seed.c

@@ -54,11 +54,11 @@

#include <openssl/opensslconf.h>

-#ifndef OPENSSL_NO_SEED

#include <openssl/evp.h>

#include <openssl/err.h>

#include <string.h>

#include <assert.h>

+#ifndef OPENSSL_NO_SEED

#include <openssl/seed.h>

#include "evp_locl.h"

diff --git a/lib/libssl/src/crypto/seed/seed_cbc.c b/lib/libssl/src/crypto/seed/seed_cbc.c
index 6c3f9b527af..4f718ccb44e 100644
--- a/lib/libssl/src/crypto/seed/seed_cbc.c
+++ b/lib/libssl/src/crypto/seed/seed_cbc.c

@@ -49,15 +49,81 @@

-#include <openssl/seed.h>

-#include <openssl/modes.h>

+#include "seed_locl.h"

+#include <string.h>

void SEED_cbc_encrypt(const unsigned char *in, unsigned char *out,

size_t len, const SEED_KEY_SCHEDULE *ks,

unsigned char ivec[SEED_BLOCK_SIZE], int enc)

{

+ size_t n;

+ unsigned char tmp[SEED_BLOCK_SIZE];

+ const unsigned char *iv = ivec;

if (enc)

- CRYPTO_cbc128_encrypt(in,out,len,ks,ivec,(block128_f)SEED_encrypt);

- else

- CRYPTO_cbc128_decrypt(in,out,len,ks,ivec,(block128_f)SEED_decrypt);

+ {

+ while (len >= SEED_BLOCK_SIZE)

+ {

+ for (n = 0; n < SEED_BLOCK_SIZE; ++n)

+ out[n] = in[n] ^ iv[n];

+ SEED_encrypt(out, out, ks);

+ iv = out;

+ len -= SEED_BLOCK_SIZE;

+ in += SEED_BLOCK_SIZE;

+ out += SEED_BLOCK_SIZE;

+ }

+ if (len)

+ {

+ for (n = 0; n < len; ++n)

+ out[n] = in[n] ^ iv[n];

+ for (n = len; n < SEED_BLOCK_SIZE; ++n)

+ out[n] = iv[n];

+ SEED_encrypt(out, out, ks);

+ iv = out;

+ }

+ memcpy(ivec, iv, SEED_BLOCK_SIZE);

+ }

+ else if (in != out) /* decrypt */

+ {

+ while (len >= SEED_BLOCK_SIZE)

+ {

+ SEED_decrypt(in, out, ks);

+ for (n = 0; n < SEED_BLOCK_SIZE; ++n)

+ out[n] ^= iv[n];

+ iv = in;

+ len -= SEED_BLOCK_SIZE;

+ in += SEED_BLOCK_SIZE;

+ out += SEED_BLOCK_SIZE;

+ }

+ if (len)

+ {

+ SEED_decrypt(in, tmp, ks);

+ for (n = 0; n < len; ++n)

+ out[n] = tmp[n] ^ iv[n];

+ iv = in;

+ }

+ memcpy(ivec, iv, SEED_BLOCK_SIZE);

+ }

+ else /* decrypt, overlap */

+ {

+ while (len >= SEED_BLOCK_SIZE)

+ {

+ memcpy(tmp, in, SEED_BLOCK_SIZE);

+ SEED_decrypt(in, out, ks);

+ for (n = 0; n < SEED_BLOCK_SIZE; ++n)

+ out[n] ^= ivec[n];

+ memcpy(ivec, tmp, SEED_BLOCK_SIZE);

+ len -= SEED_BLOCK_SIZE;

+ in += SEED_BLOCK_SIZE;

+ out += SEED_BLOCK_SIZE;

+ }

+ if (len)

+ {

+ memcpy(tmp, in, SEED_BLOCK_SIZE);

+ SEED_decrypt(tmp, tmp, ks);

+ for (n = 0; n < len; ++n)

+ out[n] = tmp[n] ^ ivec[n];

+ memcpy(ivec, tmp, SEED_BLOCK_SIZE);

+ }

}

diff --git a/lib/libssl/src/crypto/seed/seed_cfb.c b/lib/libssl/src/crypto/seed/seed_cfb.c
index 694597dd06e..07d878a7888 100644
--- a/lib/libssl/src/crypto/seed/seed_cfb.c
+++ b/lib/libssl/src/crypto/seed/seed_cfb.c

@@ -105,12 +105,40 @@

* [including the GNU Public Licence.]

-#include <openssl/seed.h>

-#include <openssl/modes.h>

+#include "seed_locl.h"

+#include <string.h>

void SEED_cfb128_encrypt(const unsigned char *in, unsigned char *out,

size_t len, const SEED_KEY_SCHEDULE *ks,

unsigned char ivec[SEED_BLOCK_SIZE], int *num, int enc)

{

- CRYPTO_cfb128_encrypt(in,out,len,ks,ivec,num,enc,(block128_f)SEED_encrypt);

+ int n;

+ unsigned char c;

+ n = *num;

+ if (enc)

+ {

+ while (len--)

+ {

+ if (n == 0)

+ SEED_encrypt(ivec, ivec, ks);

+ ivec[n] = *(out++) = *(in++) ^ ivec[n];

+ n = (n+1) % SEED_BLOCK_SIZE;

+ }

+ else

+ {

+ while (len--)

+ {

+ if (n == 0)

+ SEED_encrypt(ivec, ivec, ks);

+ c = *(in);

+ *(out++) = *(in++) ^ ivec[n];

+ ivec[n] = c;

+ n = (n+1) % SEED_BLOCK_SIZE;

+ }

+ *num = n;

}

diff --git a/lib/libssl/src/crypto/seed/seed_ofb.c b/lib/libssl/src/crypto/seed/seed_ofb.c
index 3c8ba33bb9f..e2f3f57a38c 100644
--- a/lib/libssl/src/crypto/seed/seed_ofb.c
+++ b/lib/libssl/src/crypto/seed/seed_ofb.c

@@ -105,12 +105,24 @@

* [including the GNU Public Licence.]

-#include <openssl/seed.h>

-#include <openssl/modes.h>

+#include "seed_locl.h"

+#include <string.h>

void SEED_ofb128_encrypt(const unsigned char *in, unsigned char *out,

size_t len, const SEED_KEY_SCHEDULE *ks,

unsigned char ivec[SEED_BLOCK_SIZE], int *num)

{

- CRYPTO_ofb128_encrypt(in,out,len,ks,ivec,num,(block128_f)SEED_encrypt);

+ int n;

+ n = *num;

+ while (len--)

+ {

+ if (n == 0)

+ SEED_encrypt(ivec, ivec, ks);

+ *(out++) = *(in++) ^ ivec[n];

+ n = (n+1) % SEED_BLOCK_SIZE;

+ }

+ *num = n;

}